In order to transmit data on a network, it is often necessary to secure the data from unauthorized users and persons who may be actively attempting to intercept the data for illegal or insidious purposes. Government networks transmit sensitive defense information in military applications which, if intercepted, could compromise national security. Commercial networks transmit sensitive financial data and individuals' identification information, for example, which data or information could be used to transfer funds illegally or to misappropriate another person's identity. Since conventional network data packets (or IP packets) do not include inherent data security features, the data on a network is capable of being intercepted or reproduced by unauthorized users such as hackers or criminals. Often, data is communicated between private, secure networks over a network path that is not secure. The Internet, as a publicly accessible medium, is inherently such an unsecured network, yet it is often desirable, and even essential, that secure data networks be linked via the Internet or other exposed networks.
Data encryption techniques are deployed to secure information before sending the information over an unsecured network path. There are many types of data encryption, which form the basis for network security. One example of such an encryption scheme is High Assurance Internet Protocol Encryptor (HAIPE) used by the United States Department of Defense. HAIPE devices incorporate Internet Protocol Security (IPSec), a standard defined by the Internet Engineering Task Force (IETF), to provide encryption security. HAIPE devices provide cryptographic isolation between data in secured subnetwork groups, also referred to as secured security enclaves, and data that is transported across an unsecured network, also referred to as a shared transit network. When the data traffic is encrypted, packet exchanges and IP addresses that appear as readable text in the secured enclaves are converted to cipher text in the shared transit network. Segmentation of the network at cryptographic boundaries between secured enclaves and shared transit network nodes interferes with Quality of Service (QoS) mechanisms that require specified signaling messages to be exchanged between peer network elements to provide certain enhanced data transport services. The QoS architecture is discussed in greater detail below. In particular, QoS mechanisms, which provide the ability to reserve capacity on a network and establish a predetermined route between source and destination nodes, depend on information from data packets. Such encrypted data packets, however, cannot be deciphered by the shared transit network nodes.
The QoS architecture enables performance assurance and service differentiation in data networks. For example, videoconference transmissions may require a specified bandwidth over a continuous time interval, to provide the necessary video and audio quality, whereas sending a webpage to a network terminal requires less bandwidth and no defined time interval in which to reach the destination. These QoS architecture functions can be broadly classified as resource allocation and performance management. Allocation of network resources, such as routing devices and bandwidth, is necessary to ensure that the QoS requirements of various data traffic flows are satisfied. The QoS performance management aspect is to determine and establish the network path that each traffic flow should take, to optimize the number of user application sessions whose QoS requirements have been satisfied and to optimize the utilization of network resources.
Some data security standards, such as HAIPE, restrict the packet header information that can be exchanged between secured enclaves and shared transit network nodes, the shared transit network being separated from the secured enclaves by cryptographic boundaries. The packet header information that is permitted to cross a cryptographic boundary allows the sender from the secured enclave to specify a service level, e.g., expedited forwarding, assured forwarding, and “best efforts”, which are commonly-known forwarding behaviors. However, in the HAIPE-compliant network there is only limited provision capability for the application to communicate with the shared transit network node regarding QoS service levels such as path reservations and resource allocation for particular data flows. Further, there is no level of service assurance in the HAIPE environment, i.e., if the nodes in the shared transit network enter a load shedding state, the source of the data transmission is not notified of this condition. The source application is not explicitly aware that the requested service level was not provided by the network. If the network itself changes state and is unable to meet the cumulative data traffic loads admitted by the ingress traffic devices, neither the ingress traffic routers, nor the client applications, are informed of the failure to maintain the associated service quality. Consequently an application that is attempting to establish a flow of data traffic with a predetermined level of network service may not be aware whether a particular service state is being delivered to the application.
Thus, there is a need for a method of enabling QoS features that permit the reservation of resources on a data network with encryption boundaries, and provide a response from the destination verifying receipt of the data flows specified by the source application.